WEP 128

About this task

WEP (Wired Equivalent Privacy) is a security protocol specified in the IEEE Wi-Fi (Wireless Fidelity) standard. WEP is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN.

WEP can be used with open, shared, MAC and 802.1 X EAP authentications. WEP is optimal for WLANs supporting legacy deployments when also used with 802.1X EAP authentication to provide user and device authentication and dynamic WEP key derivation and periodic key rotation. 802.1X provides authentication for devices and also reduces the risk of a single WEP key being deciphered. If 802.1X support is not available on the legacy device, MAC authentication should be enabled to provide device level authentication.

WEP 128 and Keyguard use a 104-bit key which is concatenated with a 24-bit IV (initialization vector) to form the RC4 traffic key. WEP may be all a small-business user needs for the simple encryption of wireless data. However, networks that require more security are at risk from a WEP flaw. WEP is recommended only when there are client devices incapable of using higher forms of security. The existing 802.11 standard alone offers administrators no effective method to update keys.

WEP 128 or Keyguard provides a more robust encryption algorithm than WEP 64 by requiring a longer key length and pass key. Thus, making it harder to hack through the replication of WEP keys.

To configure WEP 128 encryption on a WLAN:

Procedure

  1. Select Configuration → Wireless → Wireless LAN Policy to display available WLANs.
  2. Click Add to create an additional WLAN, or select an existing WLAN and click Edit to modify its security properties.
  3. Select Security.
  4. Select the WEP 128 check box from within the Select Encryption field.
    The screen populates with the parameters required to define a WEP 128 configuration for the new or existing WLAN.
    Click to expand in new window
    WLAN Security - WEP 128 Screen
    GUID-1C028C05-D92D-44E0-B99F-EB2F902B7F58-low.png
  5. Configure the following WEP 128 settings:
    Generate Keys

    Specify a 4- to 32-character pass key and click Generate. The pass key can be any alphanumeric string. Wireless devices and their connected clients use the algorithm to convert an ASCII string to the same hexadecimal number. Clients without adapters need to use WEP keys manually configured as hexadecimal numbers.

    Keys 1-4 Use the Key #1-4 fields to specify key numbers. For WEP 128 (104-bit key), the keys are 26 hexadecimal characters in length. Select one of these keys for default activation by clicking its radio button. Selecting Show displays a key in exposed plain text.
    Restore Default WEP Keys Select this button to restore the WEP algorithm to its default settings.
    Default WEP 128 keys are as follows:
    • Key 1 101112131415161718191A1B1C
    • Key 2 202122232425262728292A2B2C
    • Key 3 303132333435363738393A3B3C
    • Key 4 404142434445464748494A4B4C
  6. Select OK when completed to update the WLAN's WEP 128 encryption configuration.

    Select Reset to revert to the last saved configuration.

What to do next

Before defining a WEP 128 supported configuration on a WLAN, refer to the following deployment guidelines to ensure the configuration is optimally effective:
  • Additional layers of security (beyond WEP) should be enabled to minimize the likelihood of data loss and security breaches. WEP enabled WLANs should be mapped to an isolated VLAN with firewall policies restricting access to hosts and suspicious network applications.
  • WEP enabled WLANs should be permitted access only to resources required by legacy devices.
  • If WEP support is needed for WLAN legacy device support, 802.1X EAP authentication should also be configured in order for the WLAN to provide authentication and dynamic key derivation and rotation.